CVE-2025-13219

Summary

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

Affected Software

VendorProductVersion RangeStatus
IBMAspera Orchestrator3.0.0 <= 4.1.2affected

Weaknesses

  • CWE-598: CWE-598 Use of GET Request Method With Sensitive Query Strings

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References